Xref: utzoo comp.unix.wizards:11877 comp.misc:3900
Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!cwjcc!gatech!ncar!tank!nic.MR.NET!uwmcsd1!marque!uunet!mcvax!ukc!stc!datlog!dlhpedg!cl
From: cl@datlog.co.uk (Charles Lambert)
Newsgroups: comp.unix.wizards,comp.misc
Subject: Re: The Usenet Virus: a case history.
Keywords: Orson Welles
Message-ID: <890@dlhpedg.co.uk>
Date: 19 Oct 88 15:12:39 GMT
References: <2836@sugar.uu.net>
Sender: news@dlhpedg.co.uk
Reply-To: cl@datlog.co.uk (Charles Lambert)
Followup-To: comp.misc
Organization: FSD@Data Logic Ltd, Queens House, Greenhill Way, Harrow, London.
Lines: 19

I have a question about Pete's "speedhack" fiction.   Why would using the
guise of a standard C library routine,  such as malloc() or perror(),  make
the virus any more or less insidious?

In Pete's scenario,  the active code of the virus as scattered under
innocuous names throughout the source.  Is the well-known name a necessary
hook?

I wonder, too,  whether a good static tracer like CSCOPE would help to reveal
such a virus.

As a general comment,  I was delighted to see such a detailed dissertation
about viruses on the net.  The idea that we should not discuss hacking for
fear of giving ideas away is fundamentally flawed.  If knowledge is power,
ignorance is weakness;  and as a fledgeling system manager I don't want to
be weak.

----------
Charlie